fix(koi): use madohomu proxy
parent
91f00475f0
commit
90a6952fa4
2 changed files with 53 additions and 10 deletions
|
@ -2,9 +2,14 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
secrets = import (abs "lib/secrets.nix");
|
secrets = import (abs "lib/secrets.nix");
|
||||||
|
secretsUnsafe = pkgs.callPackage (abs "lib/secrets-unsafe.nix") {};
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
(secrets.declare [ "ss-desu-arm-password" "ss-desu-arm-ip" ])
|
(secrets.declare [
|
||||||
|
"madohomu-singbox-pub"
|
||||||
|
"madohomu-singbox-sid"
|
||||||
|
"madohomu-singbox-koi-uuid"
|
||||||
|
])
|
||||||
];
|
];
|
||||||
|
|
||||||
services.sing-box = {
|
services.sing-box = {
|
||||||
|
@ -94,21 +99,59 @@ in {
|
||||||
{ tag = "direct"; type = "direct"; }
|
{ tag = "direct"; type = "direct"; }
|
||||||
{ tag = "dns-out"; type = "dns"; }
|
{ tag = "dns-out"; type = "dns"; }
|
||||||
{
|
{
|
||||||
tag = "ss-desu-arm";
|
tag = "xtls-madoka";
|
||||||
type = "shadowsocks";
|
type = "vless";
|
||||||
server._secret = config.age.secrets.ss-desu-arm-ip.path;
|
flow = "xtls-rprx-vision";
|
||||||
server_port = 9000;
|
server = secretsUnsafe.readUnsafe "madoka-ip";
|
||||||
method = "chacha20-ietf-poly1305";
|
server_port = 443;
|
||||||
password._secret = config.age.secrets.ss-desu-arm-password.path;
|
domain_strategy = "";
|
||||||
udp_over_tcp = {
|
packet_encoding = "";
|
||||||
|
tls = {
|
||||||
enabled = true;
|
enabled = true;
|
||||||
version = 1;
|
alpn = [ "h2" ];
|
||||||
|
server_name = "updates.cdn-apple.com";
|
||||||
|
reality = {
|
||||||
|
enabled = true;
|
||||||
|
public_key._secret = secrets.file config "madohomu-singbox-pub";
|
||||||
|
short_id._secret = secrets.file config "madohomu-singbox-sid";
|
||||||
};
|
};
|
||||||
|
utls = { enabled = true; fingerprint = "edge"; };
|
||||||
|
};
|
||||||
|
uuid._secret = secrets.file config "madohomu-singbox-koi-uuid";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
tag = "xtls-homura";
|
||||||
|
type = "vless";
|
||||||
|
flow = "xtls-rprx-vision";
|
||||||
|
server = secretsUnsafe.readUnsafe "homura-ip";
|
||||||
|
server_port = 443;
|
||||||
|
domain_strategy = "";
|
||||||
|
packet_encoding = "";
|
||||||
|
tls = {
|
||||||
|
enabled = true;
|
||||||
|
alpn = [ "h2" ];
|
||||||
|
server_name = "updates.cdn-apple.com";
|
||||||
|
reality = {
|
||||||
|
enabled = true;
|
||||||
|
public_key._secret = secrets.file config "madohomu-singbox-pub";
|
||||||
|
short_id._secret = secrets.file config "madohomu-singbox-sid";
|
||||||
|
};
|
||||||
|
utls = { enabled = true; fingerprint = "edge"; };
|
||||||
|
};
|
||||||
|
uuid._secret = secrets.file config "madohomu-singbox-koi-uuid";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
tag = "auto";
|
||||||
|
type = "urltest";
|
||||||
|
outbounds = [
|
||||||
|
"xtls-madoka"
|
||||||
|
"xtls-homura"
|
||||||
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
route = {
|
route = {
|
||||||
final = "ss-desu-arm";
|
final = "auto";
|
||||||
rules = [
|
rules = [
|
||||||
{
|
{
|
||||||
inbound = [ "dns-in" ];
|
inbound = [ "dns-in" ];
|
||||||
|
|
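Review bot: `server = secretsUnsafe.readUnsafe "madoka-ip";` (and the matching `homura-ip` line in the second outbound) replaces the old `server._secret = config.age.secrets.ss-desu-arm-ip.path;`, so the server address is no longer substituted from an age secret at activation time. The body of `lib/secrets-unsafe.nix` is not shown on this page, but the helper's name and the plain attribute assignment suggest the value is read during evaluation, which would place both proxy IPs in the world-readable Nix store. If the addresses should stay confidential, add them to the `secrets.declare` list in the first hunk and keep the `_secret` form, e.g. `server._secret = secrets.file config "madoka-ip";`. If the exposure is accepted, record that next to the call with a comment such as `# not treated as secret: read at eval time, ends up in /nix/store`. Separately, the two vless outbounds differ only in tag and IP name, so generating both from one helper would keep their TLS/REALITY settings from drifting apart.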
BIN
secrets/madohomu-singbox-koi-uuid.age
Normal file
BIN
secrets/madohomu-singbox-koi-uuid.age
Normal file
Binary file not shown.